tavily

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed API keys directly (config fields, --api-key CLI args, and api_key="tvly-...") which encourages the model to produce outputs containing secret values verbatim, creating an exfiltration risk despite also mentioning env vars.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill performs open-web searches via the Tavily Search API and returns untrusted, user-generated third-party content (e.g., structured results with title, url, content, and raw_content fields, image URLs, and news/general web results as described under "Structured Results", "Raw HTML Content", and the architecture/response options), which the agent is expected to read and synthesize.